fkie_cve-2024-26775
Vulnerability from fkie_nvd
Published
2024-04-03 17:15
Modified
2025-01-07 17:29
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- [1] lock(&bdev->bd_size_lock); local_irq_disable(); [2] lock(&d->lock); [3] lock(&bdev->bd_size_lock); <Interrupt> [4] lock(&d->lock); *** DEADLOCK *** Where [1](&bdev->bd_size_lock) hold by zram_add()->set_capacity(). [2]lock(&d->lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc() is trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call. In this situation an attempt to acquire [4]lock(&d->lock) from aoecmd_cfg_rsp() will lead to deadlock. So the simplest solution is breaking lock dependency [2](&d->lock) -> [3](&bdev->bd_size_lock) by moving set_capacity() outside.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B819D6-60AD-446F-A1CF-814A2ADCB42C",
              "versionEndExcluding": "6.1.80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0",
              "versionEndExcluding": "6.6.19",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B",
              "versionEndExcluding": "6.7.7",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (\u0026d-\u003elock).\nTo avoid possible interrupt unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n[1] lock(\u0026bdev-\u003ebd_size_lock);\n                                local_irq_disable();\n                            [2] lock(\u0026d-\u003elock);\n                            [3] lock(\u0026bdev-\u003ebd_size_lock);\n   \u003cInterrupt\u003e\n[4]  lock(\u0026d-\u003elock);\n\n  *** DEADLOCK ***\n\nWhere [1](\u0026bdev-\u003ebd_size_lock) hold by zram_add()-\u003eset_capacity().\n[2]lock(\u0026d-\u003elock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](\u0026bdev-\u003ebd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(\u0026d-\u003elock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](\u0026d-\u003elock) -\u003e [3](\u0026bdev-\u003ebd_size_lock) by moving set_capacity()\noutside."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aoe: evita un posible punto muerto en set_capacity Mueve set_capacity() fuera de la secci\u00f3n procesada por (\u0026amp;d-\u0026gt;lock). Para evitar una posible interrupci\u00f3n en un escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- [1] lock(\u0026amp;bdev-\u0026gt;bd_size_lock); local_irq_disable(); [2] bloquear(\u0026amp;d-\u0026gt;bloquear); [3] bloquear(\u0026amp;bdev-\u0026gt;bd_size_lock);  [4] bloqueo(\u0026amp;d-\u0026gt;bloqueo); *** DEADLOCK *** Donde [1](\u0026amp;bdev-\u0026gt;bd_size_lock) mantenido por zram_add()-\u0026gt;set_capacity(). [2]bloqueo(\u0026amp;d-\u0026gt;bloqueo) retenido por aoeblk_gdalloc(). Y aoeblk_gdalloc() est\u00e1 intentando adquirir [3](\u0026amp;bdev-\u0026gt;bd_size_lock) en la llamada set_capacity(). En esta situaci\u00f3n, un intento de adquirir [4]lock(\u0026amp;d-\u0026gt;lock) de aoecmd_cfg_rsp() provocar\u00e1 un punto muerto. Entonces, la soluci\u00f3n m\u00e1s simple es romper la dependencia del bloqueo [2](\u0026amp;d-\u0026gt;lock) -\u0026gt; [3](\u0026amp;bdev-\u0026gt;bd_size_lock) moviendo set_capacity() afuera."
    }
  ],
  "id": "CVE-2024-26775",
  "lastModified": "2025-01-07T17:29:01.727",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-03T17:15:53.187",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.